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Introduction 




• NASA is developing a new launch vehicle and spacecraft 
to provide the return of the United States to beyond Low 
Earth Orbit (LEO), otherwise referred to as deep space. 

• The new launch system is being developed with an abort 
system that will enable the crew to escape launch 
failures. 

• NASA has developed a comprehensive PRA of the 
integrated system, including the launch vehicle, 
spacecraft and ground launch facilities to optimize the 
risk reduction associated with designing this new launch 
system. 

• The scope of the analysis is focused on the ascent 
portion of the mission. 
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Overview of Space Launch 


• The Space Launch 
System (SLS) 
provides the capability 
to place exploration 
elements (e.g., Orion) 
into Low Earth Orbit 
(LEO) for transfer to 
higher orbits and 
beyond. 
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• The MPCV consists of a Crew Module (CM), a Service Module (SM), 
Spacecraft Adaptor (SA), and a Launch Abort System (LAS). 

- The CM provides a habitable pressurized volume to support crew 
members. 

- The SM provides services to the CM in the form of propulsion, 
consumables storage, heat rejection and power generation. The SM also 
provides abort capability for higher altitude aborts. 

- The LAS provides an abort capability to safely transport the CM away from 
the launch vehicle stack in the event of an emergency on the launch pad or 
during ascent, particularly lower altitude aborts. 
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Overview of Abort Operations 




• On the pad and at lower altitudes, MPCV Mode 1 abort (i.e., LAS 
Abort) capability is provided by the Orion LAS and may be 
performed any time after the LAS is armed on the launch pad until 
LAS jettison. 

• An emergency egress capability also exists on the pad to rescue the 
crew in the event of an emergency. 

• At higher altitudes, the SM is used to abort. 

- MPCV Mode 2 aborts are sub-orbital aborts that rely on the 
spacecraft separation mechanism to provide the separation. 

- MPCV Mode 4 abort capability leverages the SM Orbital 
Maneuvering System (OMS) engine to place Orion in orbit prior 
to return to Earth’s surface. 

• In all abort cases, the MPCV landing systems (e.g., chutes, etc.) 
must operate to ensure a successful abort and safe recovery of the 
crew. 
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Overview of Cross PRA Model 




• The Cross PRA (XPRA) model is a linked event tree - fault tree 
model. 

- Model was constructed using the Systems Analysis Programs for 
Hands-on Integrated Reliability Evaluations (SAPHIRE) tool. 

- A Methodology Document was developed to guide all 
participating programs in development of their models for input 
into the XPRA model. 

- The XPRA model consists of four event trees that are linked to 
hundreds of fault trees through decision logic and event tree 
rules. 

- Fault trees for MPCV, SLS, and Ground Systems Development 
Operations (GSDO) are mapped to the event tree top events. 

- In addition, the XPRA team created fault trees to integrate off- 
line simulation and Human Reliability Analysis (HRA) inputs into 
the model. 

- The three end-states that exist in the model are as follows: Loss 
of Crew (LOC), Loss of Mission (LOM), and OK. 
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Process Flow Diagram of XPRA Ascent Model 
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Dynamic Inputs to Cross PRA Model 




• The XPRA ascent model is a time-averaged based 
model; however, it does include results of off-line 
analyses: 

- Risk associated with abort environments (e.g., debris, 
blast, fireball) that exceed the capability of the Orion 
were assessed separately outside the model based 
on off-line time-dependent analysis. 

- MPCV abort performance was assessed separateiy 
outside the modei based on off-line Guidance, 
Navigation and Control (GN&C) trajectory analyses, 
based on simulated performance against selected 
abort performance metrics. 
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Human Reliability Anaiysis Overview 




• Given that some aborts must be initiated by the crew or 
ground, human error events were identified and included 
in the model. 

• Given the immaturity in the understanding of the 
operations of the vehicle at this early stage of the design, 
a screening methodology was utilized to quantify any 
human error events that were identified. 

• Human error events identified in this analysis were 
provided to the crew and operations for review. 

• At this point in the design, all of the assessments are 
considered preliminary. 
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Cross PRA Model Inputs 
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Applications of the Cross PRA Model 




• This model serves two important purposes: 

- It is used to verify whether the integrated system is meeting 
LOC/LOM requirements. 

- Provides a capability of showing risks of the integrated system 
that the individual program models (SLS or Orion) do not capture 
that can support a risk-informed design process. 

• This information can be used for example to optimize the 
abort triggers to try to maximize the risk reduction achievable 
with the abort system. 

• It can also point out areas of uncertainty where our 
knowledge of the design, operations and/or interfaces is not 
well understood, and more analysis and/or testing needs to 
be performed to better understand them. 
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Challenges 




• Numerous challenges have been encountered in the development of 
the XPRA ascent abort model, some of which are listed below: 

- There are issues associated with using the PRA in the design 
phase as opposed to the operational phase. 

- Trying to integrate very complex and dynamic events, which are 
not well understood, poses another challenge to this effort. 

- Following a self-integration approach across these NASA 
programs can yield some variations in modeling. 

- Given multiple programs with associated LOG requirements, it 
can be very difficult to separate the risks and assign to the 
various programs. 
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Conclusions and Forward Plan 




• Despite the challenges associated with this analysis, it is believed 
that this model represents a very useful tool to the agency help 
verify LOC/LOM requirements and to support trade studies, which 
look at various design and/or operational options to optimize the 
allocation of resources to obtain the most risk reduction within all 
other constraints. 

• This model will be expanded in future updates to include additional 
mission phases, such as in-space and nominal EDL, and challenges 
identified will be addressed to improve the overall quality of the 
model. 
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